Thursday, February 05, 2009

Experts Question Fallout from New Monster Hack

For the second time in less than 18 months, the job-search Web site Monster.com was breached, along with USAJobs.gov, which Monster's parent company runs for the federal government. And yet Monster might suffer little fallout — because the overall state of computer security is so bad anyway.

Attacks against Web sites have become so common, security experts say, that Monster Worldwide Inc. won't necessarily scare customers away with its January disclosure that its database was plundered of user IDs, passwords, e-mail addresses, names and phone numbers. Monster makes money by charging employers that post jobs and scan the resumes of applicants, who use the service for free.

Security experts said Monster didn't appear to be doing enough to secure its computers, but many played down the latest breach because Monster said no Social Security numbers, personal financial information or resumes were stolen. However, Monster didn't say how many records were exposed. In a previous breach, in August 2007, con artists grabbed resumes on 1.3 million people.

Both incidents affected Monster.com, which boasts more than 75 million members, and USAJobs.gov, which has 8 million registered users. They're both alluring targets because people give job search sites all kinds of personal information. Even just the user names and passwords people use on the sites can be golden to a thief, since people often don't change their information from site to site.